GUACAMOLE-1239: Make identifier comparison case-insensitive.

Virtually Nick
2023-07-18 17:26:40 -04:00
parent 073d1d476e
commit 4d5101574a
43 changed files with 853 additions and 12 deletions


@@ -223,5 +223,10 @@ public class ConnectedLDAPConfiguration implements LDAPConfiguration, AutoClosea
public MemberAttributeType getMemberAttributeType() throws GuacamoleException {
return config.getMemberAttributeType();
}
@Override
public boolean getCaseSensitiveUsernames() throws GuacamoleException {
return config.getCaseSensitiveUsernames();
}
}


@@ -19,6 +19,7 @@
package org.apache.guacamole.auth.ldap.conf;
import com.google.inject.Inject;
import java.util.Collections;
import java.util.List;
import org.apache.directory.api.ldap.model.filter.ExprNode;
@@ -27,6 +28,7 @@ import org.apache.directory.api.ldap.model.message.AliasDerefMode;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.GuacamoleServerException;
import org.apache.guacamole.environment.Environment;
/**
* LDAPConfiguration implementation that returns the default values for all
@@ -35,6 +37,12 @@ import org.apache.guacamole.GuacamoleServerException;
*/
public class DefaultLDAPConfiguration implements LDAPConfiguration {
/**
* The environment in which Guacamole is running.
*/
@Inject
private Environment environment;
@Override
public String appliesTo(String username) {
return null;
@@ -150,5 +158,10 @@ public class DefaultLDAPConfiguration implements LDAPConfiguration {
throws GuacamoleException {
return MemberAttributeType.DN;
}
@Override
public boolean getCaseSensitiveUsernames() throws GuacamoleException {
return environment.getCaseSensitiveUsernames();
}
}
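Review bot: The new `environment` field is populated only by field injection (`@Inject`), so `getCaseSensitiveUsernames()` will dereference null on any DefaultLDAPConfiguration instance that was not built by the injector. How `DEFAULT` in EnvironmentLDAPConfiguration and `defaultConfig` in JacksonLDAPConfiguration are constructed is not visible on this page. If either is created with a plain `new DefaultLDAPConfiguration()`, an LDAP configuration that omits the new setting would hit a NullPointerException during authentication instead of getting a default. Please confirm these instances come from the injector, or guard the call, e.g. `return environment == null || environment.getCaseSensitiveUsernames();`.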


@@ -233,5 +233,19 @@ public class EnvironmentLDAPConfiguration implements LDAPConfiguration {
DEFAULT.getMemberAttributeType()
);
}
@Override
public boolean getCaseSensitiveUsernames() throws GuacamoleException {
// Most LDAP directories do not factor in case when comparing usernames,
// however, in order to avoid surprising anyone who may rely on this
// behavior in Guacamole, this is currently defaulted the overall
// Guacamole configuration (default of true), but can be over-ridden
// for the LDAP extension specifically, if desired.
return environment.getProperty(
LDAPGuacamoleProperties.LDAP_CASE_SENSITIVE_USERNAMES,
environment.getCaseSensitiveUsernames()
);
}
}


@@ -203,6 +203,13 @@ public class JacksonLDAPConfiguration implements LDAPConfiguration {
*/
@JsonProperty("member-attribute-type")
private String memberAttributeType;
/**
* The raw YAML value of {@link LDAPGuacamoleProperties#LDAP_USERNAMES_CASE_SENSITIVE}.
* If not set within the YAML, this will currently default to true.
*/
@JsonProperty("case-sensitive-usernames")
private String caseSensitiveUsernames;
/**
* The default configuration options for all parameters.
@@ -439,5 +446,11 @@ public class JacksonLDAPConfiguration implements LDAPConfiguration {
return withDefault(LDAPGuacamoleProperties.LDAP_MEMBER_ATTRIBUTE_TYPE,
memberAttributeType, defaultConfig::getMemberAttributeType);
}
@Override
public boolean getCaseSensitiveUsernames() throws GuacamoleException {
return withDefault(LDAPGuacamoleProperties.LDAP_CASE_SENSITIVE_USERNAMES,
caseSensitiveUsernames, defaultConfig::getCaseSensitiveUsernames);
}
}
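Review bot: The Javadoc on the new `caseSensitiveUsernames` field links to `LDAPGuacamoleProperties#LDAP_USERNAMES_CASE_SENSITIVE`, but the constant this commit adds, and the one the getter passes to `withDefault`, is `LDAP_CASE_SENSITIVE_USERNAMES`, so the link will not resolve. It should read `{@link LDAPGuacamoleProperties#LDAP_CASE_SENSITIVE_USERNAMES}`. The same comment says the value "will currently default to true", while the getter falls back to `defaultConfig::getCaseSensitiveUsernames`, which presumably resolves to the global `environment.getCaseSensitiveUsernames()` value. The LDAPConfiguration interface Javadoc ("The default is true") has the same wording. Both would be more accurate as "defaults to the global Guacamole case-sensitivity setting", since an administrator reading them could otherwise misjudge how identifiers are matched.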


@@ -20,7 +20,6 @@
package org.apache.guacamole.auth.ldap.conf;
import java.util.Collection;
import java.util.List;
import org.apache.directory.api.ldap.model.filter.ExprNode;
import org.apache.directory.api.ldap.model.message.AliasDerefMode;
import org.apache.directory.api.ldap.model.name.Dn;
@@ -334,5 +333,21 @@ public interface LDAPConfiguration {
* retrieved.
*/
MemberAttributeType getMemberAttributeType() throws GuacamoleException;
/**
* Returns true if the usernames provided to the LDAP authentication
* module should be treated as case-sensitive, or false if usernames
* should be treated as case-insensitive. The default is true, usernames
* will be case-sensitive in keeping with the past behavior of Guacamole
* prior to the addition of this option.
*
* @return
* true if usernames should be treated as case-sensitive, otherwise
* false.
*
* @throws GuacamoleException
* If guacamole.properties cannot be parsed.
*/
boolean getCaseSensitiveUsernames() throws GuacamoleException;
}


@@ -306,5 +306,17 @@ public class LDAPGuacamoleProperties {
public String getName() { return "ldap-member-attribute-type"; }
};
/**
* A property used to configure whether or not usernames within the LDAP
* module should be treated as case-sensitive.
*/
public static final BooleanGuacamoleProperty LDAP_CASE_SENSITIVE_USERNAMES =
new BooleanGuacamoleProperty() {
@Override
public String getName() { return "ldap-case-sensitive-usernames"; }
};
}


@@ -24,10 +24,13 @@ import java.util.Collections;
import java.util.Map;
import java.util.Set;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.ldap.ConnectedLDAPConfiguration;
import org.apache.guacamole.net.auth.AbstractAuthenticatedUser;
import org.apache.guacamole.net.auth.AuthenticationProvider;
import org.apache.guacamole.net.auth.Credentials;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* An LDAP-specific implementation of AuthenticatedUser, associating a
@@ -35,6 +38,11 @@ import org.apache.guacamole.net.auth.Credentials;
*/
public class LDAPAuthenticatedUser extends AbstractAuthenticatedUser {
/**
* The logger for this class.
*/
private static final Logger LOGGER = LoggerFactory.getLogger(LDAPAuthenticatedUser.class);
/**
* Reference to the authentication provider associated with this
* authenticated user.
@@ -135,6 +143,23 @@ public class LDAPAuthenticatedUser extends AbstractAuthenticatedUser {
return config;
}
@Override
public boolean isCaseSensitive() {
try {
return config.getCaseSensitiveUsernames();
}
catch (GuacamoleException e) {
// LDAP authentication is almost universally case-insensitive,
// however, we're maintaining case-sensitivity within Guacamole
// at the moment in order to avoid surprising anyone with this change.
// Case-sensitivity can be disabled as a configuration option.
LOGGER.error("Error retrieving configuration for username case-sensitivity: {}. "
+ "Username comparisons will be done case-sensitively.", e.getMessage());
LOGGER.debug("Caught exception when retrieving case-sensitivity configuration.", e);
return true;
}
}
@Override
public AuthenticationProvider getAuthenticationProvider() {
return authProvider;
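Review bot: The `catch` branch of `isCaseSensitive()` returns `true` without stating why that is the safe direction; the existing comment only explains the backward-compatibility default. Falling back to case-sensitive comparison keeps identifiers that differ only by case distinct, so a failed configuration read should not cause one user's entries to match another's. I would say so directly above `return true;`, e.g. `// Fail closed: if the setting cannot be read, keep differently-cased identifiers distinct.` The method also re-reads the configuration and logs at ERROR on every failing call, so it is worth checking how often callers invoke it; those callers and the rest of the class are outside this hunk.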